The need for assurance is never more acute than in times of turbulence and uncertainty. The events following the financial market crisis demonstrate the catastrophic consequence of risk taking that exceeds the board's appetite, and of not joining up risk intelligence for sound decision making. Boards and senior management alike consistently seek the 'one truth' about risk exposures and strength of controls but are continuing to grapple with the challenge. Much has been written about assurance and the governance of risks, but mainly by those who provide it - such as internal auditors, accountants and information security technologists - for the purpose of advancing their professional practices. Less is written for or by those in governance who need assurance for the effective discharge of their responsibilities. Regulations do not usually go beyond acknowledging its importance and rely on those in the boardroom to get it right. Studies have consistently shown the link between weak corporate governance and corporate failures. The lack of reliable assurance has often been a factor. Assurance, as an integral part of corporate governance, cannot be taken for granted. It requires conscious action across the organisation. It is time to rethink assurance beyond its usual functional boundaries, to focus on what matters to the business and how discussions in the board room can be better supported by more joined up assurance. This book provides practical guidance for those who need that support as well as those who deliver assurance.
Vicky Kubitscheck is an expert in risk governance, with over 30 years' experience in financial services working with boards and executive management to develop and establish systems of risk management and governance in response to evolving regulatory and strategic business requirements. She was described as 'one of the most original and thorough thinkers in the risk management world' by Robert Bruce, journalist and ex-editor of Accountancy Age. The book reflects her practical experience as an advisor at board level and from her senior umbrella roles in risk, compliance and audit at global organisations such as AEGON and AXA. Vicky's current portfolio includes being a nonexecutive director of a private bank, Chief Risk Officer and Compliance Director at Police Mutual Group, the UK's largest affinity friendly society, and a board advisor. A Fellow of both the IoD and Institute of Internal Auditors, Vicky is also the Chair of the Insurance Internal Audit Group and sat on the FRC advisory group set up to consult on its integrated governance code. She has contributed to books and written professional guidance. Her publications include 'Risk management: finding the value within', 'Business dis-continuity - a risk too far' and 'CSA in a financial services organisation' (Balance Sheet).
Contents: Foreword; Preface. Part I Introduction - the Case for Integrated Assurance: Governance in the New Order: Corporate governance on trial; Risk taking and oversight; Assurance against excessive risk taking; Openness and transparency; Accountability; Rethinking assurance. Part II Risk Assurance beyond Boundaries: Seeking the holistic risk and assurance picture; Assurance in a three lines of defence model; The current faces of integrated assurance; Defining a framework for integrated assurance. Part III Implementing Integrated Assurance: Integrated risk assurance mapping; Integrated assurance at Level 1; Integrated assurance at Level 2; Integrated assurance at Level 3; Getting started; Key implementation challenges. Part IV Case Studies: Introduction; Audit committee approval of audit plans; Reviewing the need for an internal audit function; Optimising risk assurance in a fast growing entity; Enhancing risk governance to match growth ambitions; Optimising risk assurance in line with strategic change; Sharpening and simplifying risk governance and assurance; A deep dive risk oversight for a subsidiary; Spotlighting a risk for oversight and assurance; Promoting collective risk intelligence. Bibliography; Index.